Systems and methods support workspaces operating on an Information Handling System (IHS), where the workspaces utilize virtualization to operate in isolation from a portion of the hardware and software of the IHS. Resources of the IHS that are available for use by workspaces are registered with an orchestration service that is remote from the IHS and that manages deployment of workspaces on the IHS. A workspace is instantiated on the IHS according to a workspace definition provided by the orchestration service. The orchestration service also provides a handle that allows the workspace to access a particular resource of the IHS, where the handle includes an interface supported by an embedded controller of the IHS for providing access to the IHS resource. The workspace invokes the IHS resource using an interface provided in the handle. The handle thus provides a communication mechanism for workspaces to utilize local resources of the IHS.
Legal claims defining the scope of protection, as filed with the USPTO.
2. The method of claim 1, wherein the handle further comprises a token specifying a duration of the validity of the handle for providing the first workspace with access to the first resource.
3. The method of claim 2, wherein the handle further comprises one or more conditions for evaluating the validity of the token.
4. The method of claim 3, wherein the conditions comprise a minimum security score that must be maintained for the handle to remain valid, wherein the security score is determined based on a security context in which the first workspace operations.
5. The method of claim 1, wherein the interface of the handle comprises an API (Application Programming Interface) for invoking operations supported by the first resource of the IHS.
6. The method of claim 1, wherein the interface of the handle further comprises an IPC (Inter-Process Communication) resource of the IHS for communications between the first workspace and the embedded controller of the IHS.
7. The method of claim 1, wherein the first workspace cannot access the first resource of the IHS directly due to isolation of the first workspace from the portion of the hardware and software of the IHS.
8. The method of claim 1, wherein the embedded controller comprises a remote access controller that support remote management of the IHS.
9. The method of claim 1, wherein the token is generated by the workspace orchestration service based on a unique identifier of the IHS and based a unique identifier of the first workspace.
11. The IHS of claim 10, wherein the handle further comprises a token specifying a duration of the validity of the handle for providing the first workspace with access to the first resource.
12. The IHS of claim 11, wherein the handle further comprises one or more conditions for evaluating the validity of the token.
13. The IHS of claim 11, wherein the interface of the handle comprises an API (Application Programming Interface) for invoking operations supported by the first resource of the IHS.
14. The IHS of claim 11, wherein the interface of the handle further comprises an IPC (Inter-Process Communication) resource of the IHS for communications between the first workspace and the embedded controller of the IHS.
15. The IHS of claim 11, wherein the token is generated by the workspace orchestration service based on a unique identifier of the IHS and based a unique identifier of the first workspace.
17. The system of claim 16, wherein the handle further comprises a token specifying a duration of the validity of the handle for providing the first workspace with access to the first resource.
18. The system of claim 17, wherein the handle further comprises one or more conditions for evaluating the validity of the token.
19. The system of claim 16, wherein the interface of the handle comprises an API (Application Programming Interface) for invoking operations supported by the first resource of the IHS.
20. The system of claim 16, wherein the interface of the handle further comprises an IPC (Inter-Process Communication) resource of the IHS for communications between the first workspace and the embedded controller of the IHS.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
March 11, 2021
February 28, 2023
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.